certmanager updated
This commit is contained in:
Олег Бородин
@@ -918,10 +918,10 @@ type CreateServicePairResult struct {
|
||||
unknownFields protoimpl.UnknownFields
|
||||
|
||||
ServiceID int64 `protobuf:"varint,1,opt,name=serviceID,proto3" json:"serviceID,omitempty"`
|
||||
Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
|
||||
ServiceName string `protobuf:"bytes,2,opt,name=serviceName,proto3" json:"serviceName,omitempty"`
|
||||
IssuerCertificate string `protobuf:"bytes,3,opt,name=issuerCertificate,proto3" json:"issuerCertificate,omitempty"`
|
||||
IssuerID int64 `protobuf:"varint,4,opt,name=issuerID,proto3" json:"issuerID,omitempty"`
|
||||
Cerificate string `protobuf:"bytes,5,opt,name=cerificate,proto3" json:"cerificate,omitempty"`
|
||||
Certificate string `protobuf:"bytes,5,opt,name=certificate,proto3" json:"certificate,omitempty"`
|
||||
Key string `protobuf:"bytes,6,opt,name=key,proto3" json:"key,omitempty"`
|
||||
}
|
||||
|
||||
@@ -964,9 +964,9 @@ func (x *CreateServicePairResult) GetServiceID() int64 {
|
||||
return 0
|
||||
}
|
||||
|
||||
func (x *CreateServicePairResult) GetName() string {
|
||||
func (x *CreateServicePairResult) GetServiceName() string {
|
||||
if x != nil {
|
||||
return x.Name
|
||||
return x.ServiceName
|
||||
}
|
||||
return ""
|
||||
}
|
||||
@@ -985,9 +985,9 @@ func (x *CreateServicePairResult) GetIssuerID() int64 {
|
||||
return 0
|
||||
}
|
||||
|
||||
func (x *CreateServicePairResult) GetCerificate() string {
|
||||
func (x *CreateServicePairResult) GetCertificate() string {
|
||||
if x != nil {
|
||||
return x.Cerificate
|
||||
return x.Certificate
|
||||
}
|
||||
return ""
|
||||
}
|
||||
@@ -1622,18 +1622,19 @@ var file_certmanagercontrol_proto_rawDesc = []byte{
|
||||
0x03, 0x28, 0x09, 0x52, 0x09, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x24,
|
||||
0x0a, 0x0d, 0x69, 0x6e, 0x65, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18,
|
||||
0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x69, 0x6e, 0x65, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65,
|
||||
0x73, 0x73, 0x65, 0x73, 0x22, 0xc7, 0x01, 0x0a, 0x17, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53,
|
||||
0x73, 0x73, 0x65, 0x73, 0x22, 0xd7, 0x01, 0x0a, 0x17, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53,
|
||||
0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x61, 0x69, 0x72, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74,
|
||||
0x12, 0x1c, 0x0a, 0x09, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x44, 0x18, 0x01, 0x20,
|
||||
0x01, 0x28, 0x03, 0x52, 0x09, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x44, 0x12, 0x12,
|
||||
0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61,
|
||||
0x6d, 0x65, 0x12, 0x2c, 0x0a, 0x11, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74,
|
||||
0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x69,
|
||||
0x73, 0x73, 0x75, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
|
||||
0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x18, 0x04, 0x20, 0x01,
|
||||
0x28, 0x03, 0x52, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x12, 0x1e, 0x0a, 0x0a,
|
||||
0x63, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09,
|
||||
0x52, 0x0a, 0x63, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03,
|
||||
0x01, 0x28, 0x03, 0x52, 0x09, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x44, 0x12, 0x20,
|
||||
0x0a, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20,
|
||||
0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65,
|
||||
0x12, 0x2c, 0x0a, 0x11, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
|
||||
0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x69, 0x73, 0x73,
|
||||
0x75, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1a,
|
||||
0x0a, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03,
|
||||
0x52, 0x08, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x49, 0x44, 0x12, 0x20, 0x0a, 0x0b, 0x63, 0x65,
|
||||
0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52,
|
||||
0x0b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03,
|
||||
0x6b, 0x65, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x22, 0x9b,
|
||||
0x01, 0x0a, 0x17, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
|
||||
0x50, 0x61, 0x69, 0x72, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x65,
|
||||
|
||||
@@ -65,11 +65,11 @@ type Util struct {
|
||||
issuerName string
|
||||
keyFilename string
|
||||
|
||||
signerID int64
|
||||
signerName string
|
||||
signerID int64
|
||||
signerName string
|
||||
|
||||
serviceID int64
|
||||
serviceName string
|
||||
serviceID int64
|
||||
serviceName string
|
||||
}
|
||||
|
||||
func NewUtil() *Util {
|
||||
|
||||
@@ -7,39 +7,39 @@ import (
|
||||
|
||||
cmapi "certmanager/api/certmanagercontrol"
|
||||
"certmanager/internal/descriptor"
|
||||
"certmanager/pkg/cm509"
|
||||
"certmanager/pkg/cm509"
|
||||
)
|
||||
|
||||
func (lg *Logic) CreateIssuerPair(ctx context.Context, params *cmapi.CreateIssuerPairParams) (*cmapi.CreateIssuerPairResult, error) {
|
||||
var err error
|
||||
res := &cmapi.CreateIssuerPairResult{}
|
||||
|
||||
var signerDescr *descriptor.Issuer
|
||||
var signerExists bool
|
||||
if params.SignerID > 0 {
|
||||
signerExists, signerDescr, err = lg.db.GetIssuerByID(ctx, params.SignerID)
|
||||
if !signerExists {
|
||||
err := fmt.Errorf("Issuer with id %d cannot found", params.SignerID)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
} else if params.SignerName != "" {
|
||||
signerExists, signerDescr, err = lg.db.GetIssuerByName(ctx, params.SignerName)
|
||||
if signerExists {
|
||||
err := fmt.Errorf("Issuer with name %s cannot found", params.SignerName)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
}
|
||||
var signerDescr *descriptor.Issuer
|
||||
var signerExists bool
|
||||
if params.SignerID > 0 {
|
||||
signerExists, signerDescr, err = lg.db.GetIssuerByID(ctx, params.SignerID)
|
||||
if !signerExists {
|
||||
err := fmt.Errorf("Issuer with id %d cannot found", params.SignerID)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
} else if params.SignerName != "" {
|
||||
signerExists, signerDescr, err = lg.db.GetIssuerByName(ctx, params.SignerName)
|
||||
if signerExists {
|
||||
err := fmt.Errorf("Issuer with name %s cannot found", params.SignerName)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
}
|
||||
createIssuerPairParams := &cm509.CreateIssuerPairParams{
|
||||
CommonName: params.IssuerCommonName,
|
||||
}
|
||||
if signerDescr != nil {
|
||||
lg.log.Debugf("Create issuer with signer name %s", signerDescr.Name)
|
||||
createIssuerPairParams.SignerCert = signerDescr.Cert
|
||||
createIssuerPairParams.SignerKey = signerDescr.Key
|
||||
}
|
||||
if signerDescr != nil {
|
||||
lg.log.Debugf("Create issuer with signer name %s", signerDescr.Name)
|
||||
createIssuerPairParams.SignerCert = signerDescr.Cert
|
||||
createIssuerPairParams.SignerKey = signerDescr.Key
|
||||
}
|
||||
createIssuerPairRes, err := cm509.CreateIssuerPair(createIssuerPairParams)
|
||||
if err != nil {
|
||||
@@ -52,21 +52,21 @@ func (lg *Logic) CreateIssuerPair(ctx context.Context, params *cmapi.CreateIssue
|
||||
Key: createIssuerPairRes.Key,
|
||||
}
|
||||
|
||||
issuerExists, _, err := lg.db.GetIssuerByName(ctx, issuerDescr.Name)
|
||||
if issuerExists {
|
||||
err := fmt.Errorf("Issuer with name %s already exists", issuerDescr.Name)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
issuerExists, _, err := lg.db.GetIssuerByName(ctx, issuerDescr.Name)
|
||||
if issuerExists {
|
||||
err := fmt.Errorf("Issuer with name %s already exists", issuerDescr.Name)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
|
||||
issuerID, err := lg.db.InsertIssuer(ctx, issuerDescr)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res.IssuerID = issuerID
|
||||
res.IssuerName = createIssuerPairRes.Name
|
||||
res.Certificate = createIssuerPairRes.Cert
|
||||
res.IssuerName = createIssuerPairRes.Name
|
||||
res.Certificate = createIssuerPairRes.Cert
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
||||
@@ -4,9 +4,9 @@ import (
|
||||
"context"
|
||||
"fmt"
|
||||
|
||||
"certmanager/internal/descriptor"
|
||||
cmapi "certmanager/api/certmanagercontrol"
|
||||
"certmanager/pkg/cm509"
|
||||
"certmanager/internal/descriptor"
|
||||
"certmanager/pkg/cm509"
|
||||
)
|
||||
|
||||
func (lg *Logic) CreateServicePair(ctx context.Context, params *cmapi.CreateServicePairParams) (*cmapi.CreateServicePairResult, error) {
|
||||
@@ -19,7 +19,7 @@ func (lg *Logic) CreateServicePair(ctx context.Context, params *cmapi.CreateServ
|
||||
case params.IssuerID != 0:
|
||||
issuerExists, issuerDescr, err = lg.db.GetIssuerByID(ctx, params.IssuerID)
|
||||
if !issuerExists {
|
||||
err := fmt.Errorf("No signer with this ID was found")
|
||||
err := fmt.Errorf("No signer with id was found", params.IssuerID)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
@@ -27,7 +27,7 @@ func (lg *Logic) CreateServicePair(ctx context.Context, params *cmapi.CreateServ
|
||||
case params.IssuerName != "":
|
||||
issuerExists, issuerDescr, err = lg.db.GetIssuerByName(ctx, params.IssuerName)
|
||||
if !issuerExists {
|
||||
err := fmt.Errorf("No signer with this common name was found")
|
||||
err := fmt.Errorf("No signer with name %s was found", params.IssuerName)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
@@ -56,8 +56,9 @@ func (lg *Logic) CreateServicePair(ctx context.Context, params *cmapi.CreateServ
|
||||
IssuerKey: issuerDescr.Key,
|
||||
IssuerCert: issuerDescr.Cert,
|
||||
IPAddresses: params.InetAddresses,
|
||||
DNSNames: params.Hostnames,
|
||||
}
|
||||
createSericePairRes, err := cm509.CreateServicePairV2(createServicePairParams)
|
||||
createSericePairRes, err := cm509.CreateServicePair(createServicePairParams)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
@@ -73,9 +74,9 @@ func (lg *Logic) CreateServicePair(ctx context.Context, params *cmapi.CreateServ
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
res.Name = createSericePairRes.Name
|
||||
res.ServiceName = createSericePairRes.Name
|
||||
res.ServiceID = serviceID
|
||||
res.Cerificate = createSericePairRes.Cert
|
||||
res.Certificate = createSericePairRes.Cert
|
||||
res.Key = createSericePairRes.Key
|
||||
res.IssuerID = issuerDescr.ID
|
||||
res.IssuerCertificate = issuerDescr.Cert
|
||||
@@ -157,7 +158,7 @@ func (lg *Logic) RevokeServicePair(ctx context.Context, params *cmapi.RevokeServ
|
||||
case params.ServiceID != 0:
|
||||
serviceExists, serviceDescr, err = lg.db.GetServiceByID(ctx, params.ServiceID)
|
||||
if !serviceExists {
|
||||
err := fmt.Errorf("No signer with this ID was found")
|
||||
err := fmt.Errorf("No signer with id %d was found", params.ServiceID)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
@@ -165,7 +166,7 @@ func (lg *Logic) RevokeServicePair(ctx context.Context, params *cmapi.RevokeServ
|
||||
case params.ServiceName != "":
|
||||
serviceExists, serviceDescr, err = lg.db.GetServiceByName(ctx, params.ServiceName)
|
||||
if !serviceExists {
|
||||
err := fmt.Errorf("No signer with this common name was found")
|
||||
err := fmt.Errorf("No signer with name %s was found", params.ServiceName)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
@@ -202,7 +203,7 @@ func (lg *Logic) UnrevokeServicePair(ctx context.Context, params *cmapi.Unrevoke
|
||||
case params.ServiceID != 0:
|
||||
serviceExists, serviceDescr, err = lg.db.GetServiceByID(ctx, params.ServiceID)
|
||||
if !serviceExists {
|
||||
err := fmt.Errorf("No signer with this ID was found")
|
||||
err := fmt.Errorf("No signer with id %d was found", params.ServiceID)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
@@ -210,7 +211,7 @@ func (lg *Logic) UnrevokeServicePair(ctx context.Context, params *cmapi.Unrevoke
|
||||
case params.ServiceName != "":
|
||||
serviceExists, serviceDescr, err = lg.db.GetServiceByName(ctx, params.ServiceName)
|
||||
if !serviceExists {
|
||||
err := fmt.Errorf("No signer with this common name was found")
|
||||
err := fmt.Errorf("No signer with name %s was found", params.ServiceName)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -43,7 +43,7 @@ func TestIssuerCreateV0(t *testing.T) {
|
||||
signerCommonName := "foo.bar"
|
||||
var signerID int64
|
||||
var signerCert string
|
||||
var signerName string
|
||||
var signerName string
|
||||
{
|
||||
createIssuerPairParams := &cmapi.CreateIssuerPairParams{
|
||||
IssuerCommonName: signerCommonName,
|
||||
@@ -61,27 +61,27 @@ func TestIssuerCreateV0(t *testing.T) {
|
||||
signerName = createIssuerPairRes.IssuerName
|
||||
printObj("signerName", signerName)
|
||||
|
||||
signerCertObj, err := cm509.ParseDoubleEncodedCerificate(signerCert)
|
||||
require.NoError(t, err)
|
||||
signerCertObj, err := cm509.ParseDoubleEncodedCerificate(signerCert)
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, signerCertObj)
|
||||
printObj("signerCertObj Subject", signerCertObj.Subject.String())
|
||||
printObj("signerCertObj Issuer", signerCertObj.Issuer.String())
|
||||
printObj("signerCertObj Subject", signerCertObj.Subject.String())
|
||||
printObj("signerCertObj Issuer", signerCertObj.Issuer.String())
|
||||
}
|
||||
issuerCommonName := "make.love.not.war"
|
||||
var issuerID int64
|
||||
var issuerCert string
|
||||
var issuerName string
|
||||
var issuerName string
|
||||
{
|
||||
createIssuerPairParams := &cmapi.CreateIssuerPairParams{
|
||||
IssuerCommonName: issuerCommonName,
|
||||
SignerID: signerID,
|
||||
SignerID: signerID,
|
||||
}
|
||||
createIssuerPairRes, err := lg.CreateIssuerPair(ctx, createIssuerPairParams)
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, createIssuerPairRes)
|
||||
|
||||
issuerID = createIssuerPairRes.IssuerID
|
||||
printObj("issuerID", issuerID)
|
||||
printObj("issuerID", issuerID)
|
||||
|
||||
issuerCert = createIssuerPairRes.Certificate
|
||||
printObj("issuerCert", issuerCert)
|
||||
@@ -89,17 +89,50 @@ func TestIssuerCreateV0(t *testing.T) {
|
||||
issuerName = createIssuerPairRes.IssuerName
|
||||
printObj("issuerName", issuerName)
|
||||
|
||||
issuerCertObj, err := cm509.ParseDoubleEncodedCerificate(issuerCert)
|
||||
require.NoError(t, err)
|
||||
issuerCertObj, err := cm509.ParseDoubleEncodedCerificate(issuerCert)
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, issuerCertObj)
|
||||
printObj("issuerCertObj Subject", issuerCertObj.Subject.String())
|
||||
printObj("issuerCertObj Issuer", issuerCertObj.Issuer.String())
|
||||
printObj("issuerCertObj Subject", issuerCertObj.Subject.String())
|
||||
printObj("issuerCertObj Issuer", issuerCertObj.Issuer.String())
|
||||
|
||||
require.NotEqual(t, issuerCertObj.Subject.String(), issuerCertObj.Issuer.String())
|
||||
require.NotEqual(t, issuerCertObj.Subject.String(), issuerCertObj.Issuer.String())
|
||||
}
|
||||
serviceCommonName := "dont.worry"
|
||||
var serviceID int64
|
||||
var serviceCert string
|
||||
var serviceName string
|
||||
{
|
||||
createServicePairParams := &cmapi.CreateServicePairParams{
|
||||
ServiceCommonName: serviceCommonName,
|
||||
IssuerID: issuerID,
|
||||
InetAddresses: []string{"1.1.1.1", "1.1.1.2", "1.1.1.3"},
|
||||
Hostnames: []string{"dont.worry", "be.happy"},
|
||||
}
|
||||
createServicePairRes, err := lg.CreateServicePair(ctx, createServicePairParams)
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, createServicePairRes)
|
||||
|
||||
serviceID = createServicePairRes.ServiceID
|
||||
printObj("serviceID", serviceID)
|
||||
|
||||
serviceCert = createServicePairRes.Certificate
|
||||
printObj("serviceCert", serviceCert)
|
||||
|
||||
serviceName = createServicePairRes.ServiceName
|
||||
printObj("serviceName", serviceName)
|
||||
|
||||
serviceCertObj, err := cm509.ParseDoubleEncodedCerificate(serviceCert)
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, serviceCertObj)
|
||||
printObj("serviceCertObj Subject", serviceCertObj.Subject.String())
|
||||
printObj("serviceCertObj Service", serviceCertObj.Issuer.String())
|
||||
printObj("serviceCertObj DNSNames", serviceCertObj.DNSNames)
|
||||
printObj("serviceCertObj IP addresses", serviceCertObj.IPAddresses)
|
||||
|
||||
require.NotEqual(t, serviceCertObj.Subject.String(), serviceCertObj.Issuer.String())
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
func XXXTestIssuerCreate(t *testing.T) {
|
||||
var err error
|
||||
var lg *logic.Logic
|
||||
@@ -260,4 +293,3 @@ func XXXTestIssuerCreate(t *testing.T) {
|
||||
printObj("getServicePairRes", getServicePairRes)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -15,8 +15,8 @@ import (
|
||||
|
||||
type CreateIssuerPairParams struct {
|
||||
CommonName string
|
||||
SignerCert string
|
||||
SignerKey string
|
||||
SignerCert string
|
||||
SignerKey string
|
||||
}
|
||||
type CreateIssuerPairResult struct {
|
||||
Name string
|
||||
@@ -24,34 +24,33 @@ type CreateIssuerPairResult struct {
|
||||
Key string
|
||||
}
|
||||
|
||||
|
||||
func CreateIssuerPair(params *CreateIssuerPairParams) (*CreateIssuerPairResult, error) {
|
||||
var err error
|
||||
res := &CreateIssuerPairResult{}
|
||||
|
||||
if params.SignerKey != "" && params.SignerCert == "" {
|
||||
err = fmt.Errorf("The signature key and certificate must be defined together")
|
||||
return res, err
|
||||
}
|
||||
if params.SignerKey == "" && params.SignerCert != "" {
|
||||
err = fmt.Errorf("The signature key and certificate must be defined together")
|
||||
return res, err
|
||||
}
|
||||
if params.SignerKey != "" && params.SignerCert == "" {
|
||||
err = fmt.Errorf("The signature key and certificate must be defined together")
|
||||
return res, err
|
||||
}
|
||||
if params.SignerKey == "" && params.SignerCert != "" {
|
||||
err = fmt.Errorf("The signature key and certificate must be defined together")
|
||||
return res, err
|
||||
}
|
||||
|
||||
var signerKey any
|
||||
if params.SignerKey != "" {
|
||||
signerKey, err = ParseDoubleEncodedKey(params.SignerKey)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
var signerCert *x509.Certificate
|
||||
if params.SignerCert != "" {
|
||||
signerCert, err = ParseDoubleEncodedCerificate(params.SignerCert)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
var signerKey any
|
||||
if params.SignerKey != "" {
|
||||
signerKey, err = ParseDoubleEncodedKey(params.SignerKey)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
var signerCert *x509.Certificate
|
||||
if params.SignerCert != "" {
|
||||
signerCert, err = ParseDoubleEncodedCerificate(params.SignerCert)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
|
||||
certPem := make([]byte, 0)
|
||||
keyPem := make([]byte, 0)
|
||||
@@ -77,34 +76,35 @@ func CreateIssuerPair(params *CreateIssuerPairParams) (*CreateIssuerPairResult,
|
||||
CommonName: params.CommonName,
|
||||
}
|
||||
|
||||
certIssuer := certSubject
|
||||
if signerCert != nil {
|
||||
certIssuer = signerCert.Subject
|
||||
}
|
||||
certIssuer := certSubject
|
||||
if signerCert != nil {
|
||||
certIssuer = signerCert.Subject
|
||||
}
|
||||
|
||||
var issuerKey any = certKey
|
||||
if signerKey != nil {
|
||||
issuerKey = signerKey
|
||||
}
|
||||
var issuerKey any = certKey
|
||||
if signerKey != nil {
|
||||
issuerKey = signerKey
|
||||
}
|
||||
|
||||
res.Name = certSubject.String()
|
||||
|
||||
certTempl := &x509.Certificate{
|
||||
SerialNumber: big.NewInt(now.Unix()),
|
||||
NotBefore: now,
|
||||
NotAfter: now.AddDate(yearsAfter, 0, 0),
|
||||
Subject: certSubject,
|
||||
Issuer: certIssuer,
|
||||
IsCA: true,
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
|
||||
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
|
||||
SerialNumber: big.NewInt(now.Unix()),
|
||||
NotBefore: now,
|
||||
NotAfter: now.AddDate(yearsAfter, 0, 0),
|
||||
Subject: certSubject,
|
||||
Issuer: certIssuer,
|
||||
IsCA: true,
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
|
||||
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign |
|
||||
x509.KeyUsageKeyEncipherment | x509.KeyUsageCRLSign,
|
||||
BasicConstraintsValid: true,
|
||||
}
|
||||
|
||||
parentCert := certTempl
|
||||
if signerCert != nil {
|
||||
parentCert = signerCert
|
||||
}
|
||||
parentCert := certTempl
|
||||
if signerCert != nil {
|
||||
parentCert = signerCert
|
||||
}
|
||||
|
||||
certBytes, err := x509.CreateCertificate(rand.Reader, certTempl, parentCert, &certKey.PublicKey, issuerKey)
|
||||
if err != nil {
|
||||
@@ -126,69 +126,6 @@ func CreateIssuerPair(params *CreateIssuerPairParams) (*CreateIssuerPairResult,
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
||||
|
||||
func CreateIssuerPairV0(params *CreateIssuerPairParams) (*CreateIssuerPairResult, error) {
|
||||
var err error
|
||||
res := &CreateIssuerPairResult{}
|
||||
|
||||
certPem := make([]byte, 0)
|
||||
keyPem := make([]byte, 0)
|
||||
|
||||
now := time.Now()
|
||||
|
||||
const yearsAfter int = 10
|
||||
const keySize int = 2048
|
||||
|
||||
key, err := rsa.GenerateKey(rand.Reader, keySize)
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Can't create a private key: %v", err)
|
||||
return res, err
|
||||
|
||||
}
|
||||
keyPemBlock := pem.Block{
|
||||
Type: "RSA PRIVATE KEY",
|
||||
Bytes: x509.MarshalPKCS1PrivateKey(key),
|
||||
}
|
||||
keyPem = pem.EncodeToMemory(&keyPemBlock)
|
||||
|
||||
subjectName := pkix.Name{
|
||||
CommonName: params.CommonName,
|
||||
}
|
||||
issuerName := subjectName
|
||||
res.Name = subjectName.String()
|
||||
|
||||
certTempl := x509.Certificate{
|
||||
SerialNumber: big.NewInt(now.Unix()),
|
||||
NotBefore: now,
|
||||
NotAfter: now.AddDate(yearsAfter, 0, 0),
|
||||
Subject: subjectName,
|
||||
Issuer: issuerName,
|
||||
IsCA: true,
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
|
||||
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
|
||||
BasicConstraintsValid: true,
|
||||
}
|
||||
certBytes, err := x509.CreateCertificate(rand.Reader, &certTempl, &certTempl, &key.PublicKey, key)
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Can't create a certificate: %v", err)
|
||||
return res, err
|
||||
|
||||
}
|
||||
certPemBlock := pem.Block{
|
||||
Type: "CERTIFICATE",
|
||||
Bytes: certBytes,
|
||||
}
|
||||
certPem = pem.EncodeToMemory(&certPemBlock)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
|
||||
res.Cert = base64.StdEncoding.EncodeToString(certPem)
|
||||
res.Key = base64.StdEncoding.EncodeToString(keyPem)
|
||||
return res, err
|
||||
}
|
||||
|
||||
type CreateServicePairParams struct {
|
||||
CommonName string
|
||||
DNSNames []string
|
||||
@@ -202,7 +139,116 @@ type CreateServicePairResult struct {
|
||||
Key string
|
||||
}
|
||||
|
||||
func CreateServicePairV2(params *CreateServicePairParams) (*CreateServicePairResult, error) {
|
||||
func CreateServicePair(params *CreateServicePairParams) (*CreateServicePairResult, error) {
|
||||
var err error
|
||||
res := &CreateServicePairResult{}
|
||||
|
||||
if params.IssuerKey != "" && params.IssuerCert == "" {
|
||||
err = fmt.Errorf("The signature key and certificate must be defined together")
|
||||
return res, err
|
||||
}
|
||||
if params.IssuerKey == "" && params.IssuerCert != "" {
|
||||
err = fmt.Errorf("The signature key and certificate must be defined together")
|
||||
return res, err
|
||||
}
|
||||
|
||||
var signerKey any
|
||||
if params.IssuerKey != "" {
|
||||
signerKey, err = ParseDoubleEncodedKey(params.IssuerKey)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
var signerCert *x509.Certificate
|
||||
if params.IssuerCert != "" {
|
||||
signerCert, err = ParseDoubleEncodedCerificate(params.IssuerCert)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
|
||||
certPem := make([]byte, 0)
|
||||
keyPem := make([]byte, 0)
|
||||
|
||||
now := time.Now()
|
||||
|
||||
const yearsAfter int = 10
|
||||
const keySize int = 2048
|
||||
|
||||
certKey, err := rsa.GenerateKey(rand.Reader, keySize)
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Can't create a private key: %v", err)
|
||||
return res, err
|
||||
|
||||
}
|
||||
keyPemBlock := &pem.Block{
|
||||
Type: "RSA PRIVATE KEY",
|
||||
Bytes: x509.MarshalPKCS1PrivateKey(certKey),
|
||||
}
|
||||
keyPem = pem.EncodeToMemory(keyPemBlock)
|
||||
|
||||
certSubject := pkix.Name{
|
||||
CommonName: params.CommonName,
|
||||
}
|
||||
|
||||
certIssuer := certSubject
|
||||
if signerCert != nil {
|
||||
certIssuer = signerCert.Subject
|
||||
}
|
||||
|
||||
var issuerKey any = certKey
|
||||
if signerKey != nil {
|
||||
issuerKey = signerKey
|
||||
}
|
||||
|
||||
res.Name = certSubject.String()
|
||||
|
||||
netAddresses := make([]net.IP, 0)
|
||||
for _, ipAddress := range params.IPAddresses {
|
||||
netAddress := net.ParseIP(ipAddress)
|
||||
netAddresses = append(netAddresses, netAddress)
|
||||
}
|
||||
|
||||
certTempl := &x509.Certificate{
|
||||
SerialNumber: big.NewInt(now.Unix()),
|
||||
NotBefore: now,
|
||||
NotAfter: now.AddDate(yearsAfter, 0, 0),
|
||||
Subject: certSubject,
|
||||
Issuer: certIssuer,
|
||||
DNSNames: params.DNSNames,
|
||||
IPAddresses: netAddresses,
|
||||
IsCA: false,
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
|
||||
KeyUsage: x509.KeyUsageDigitalSignature,
|
||||
BasicConstraintsValid: true,
|
||||
}
|
||||
|
||||
parentCert := certTempl
|
||||
if signerCert != nil {
|
||||
parentCert = signerCert
|
||||
}
|
||||
|
||||
certBytes, err := x509.CreateCertificate(rand.Reader, certTempl, parentCert, &certKey.PublicKey, issuerKey)
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Can't create a certificate: %v", err)
|
||||
return res, err
|
||||
|
||||
}
|
||||
certPemBlock := pem.Block{
|
||||
Type: "CERTIFICATE",
|
||||
Bytes: certBytes,
|
||||
}
|
||||
certPem = pem.EncodeToMemory(&certPemBlock)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
|
||||
res.Cert = base64.StdEncoding.EncodeToString(certPem)
|
||||
res.Key = base64.StdEncoding.EncodeToString(keyPem)
|
||||
return res, err
|
||||
}
|
||||
|
||||
func XXXCreateServicePair(params *CreateServicePairParams) (*CreateServicePairResult, error) {
|
||||
var err error
|
||||
|
||||
res := &CreateServicePairResult{}
|
||||
@@ -278,18 +324,13 @@ func CreateServicePairV2(params *CreateServicePairParams) (*CreateServicePairRes
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
func ParseDoubleEncodedCerificate(certString string) (*x509.Certificate, error) {
|
||||
var err error
|
||||
res := &x509.Certificate{}
|
||||
|
||||
certPEM, err := base64.StdEncoding.DecodeString(certString)
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Failed to parse base64 certificate string: %v", err)
|
||||
err := fmt.Errorf("Failed to parse base64 certificate string: %v", err)
|
||||
return res, err
|
||||
}
|
||||
certBlock, _ := pem.Decode([]byte(certPEM))
|
||||
@@ -297,14 +338,14 @@ func ParseDoubleEncodedCerificate(certString string) (*x509.Certificate, error)
|
||||
err := fmt.Errorf("Failed to parse certificate PEM")
|
||||
return res, err
|
||||
}
|
||||
if certBlock.Type != "CERTIFICATE" {
|
||||
if certBlock.Type != "CERTIFICATE" {
|
||||
err := fmt.Errorf("Unknown PEM certificate type: %s", certBlock.Type)
|
||||
return res, err
|
||||
}
|
||||
if len(certBlock.Bytes) == 0 {
|
||||
}
|
||||
if len(certBlock.Bytes) == 0 {
|
||||
err := fmt.Errorf("Empty PEM certificate block")
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
|
||||
res, err = x509.ParseCertificate(certBlock.Bytes)
|
||||
if err != nil {
|
||||
@@ -322,14 +363,14 @@ func ParseEncodedCerificate(certPEM string) (*x509.Certificate, error) {
|
||||
err := fmt.Errorf("Failed to parse certificate PEM")
|
||||
return res, err
|
||||
}
|
||||
if certBlock.Type != "CERTIFICATE" {
|
||||
if certBlock.Type != "CERTIFICATE" {
|
||||
err := fmt.Errorf("Unknown PEM certificate type: %s", certBlock.Type)
|
||||
return res, err
|
||||
}
|
||||
if len(certBlock.Bytes) == 0 {
|
||||
}
|
||||
if len(certBlock.Bytes) == 0 {
|
||||
err := fmt.Errorf("Empty PEM certificate block")
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
res, err = x509.ParseCertificate(certBlock.Bytes)
|
||||
if err != nil {
|
||||
return res, err
|
||||
@@ -343,7 +384,7 @@ func ParseDoubleEncodedKey(keyString string) (any, error) {
|
||||
|
||||
keyPEM, err := base64.StdEncoding.DecodeString(keyString)
|
||||
if err != nil {
|
||||
err := fmt.Errorf("Failed to parse base64 key string: %v", err)
|
||||
err := fmt.Errorf("Failed to parse base64 key string: %v", err)
|
||||
return res, err
|
||||
}
|
||||
keyBlock, _ := pem.Decode([]byte(keyPEM))
|
||||
|
||||
@@ -94,10 +94,10 @@ message createServicePairParams {
|
||||
}
|
||||
message createServicePairResult {
|
||||
int64 serviceID = 1;
|
||||
string name = 2;
|
||||
string serviceName = 2;
|
||||
string issuerCertificate = 3;
|
||||
int64 issuerID = 4;
|
||||
string cerificate = 5;
|
||||
string certificate = 5;
|
||||
string key = 6;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user